How Has CAP Certification Evolved to Lead in Risk Management?
Fourth Industrial Revolution technologies like artificial intelligence, IoT, 5G networks, cloud and blockchain have the potential to increase operational efficiencies and boost economic growth, but they could also increase cyber risk, resulting in forecast losses of $6 trillion USD this year, according to The Global Risks Report 2020 from the World Economic Forum. As the needs in cyber risk management change, so must the credentials that support them. (ISC)² is answering the call with an updated Certified Authorization Professional (CAP) certification exam.

CAP information security practitioners champion system security commensurate with organizations’ missions and risk tolerance while meeting legal and regulatory requirements. The globally recognized credential confirms the knowledge, skill and experience required for using a broad range of frameworks to manage risk and to authorize and maintain information systems.

An Evolution of Expansion

CAP was developed and launched in 2005 by (ISC)² as a credential focused on the Certification & Authorization (C&A) process following the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). It was first updated when the U.S. government changed DIACAP to the Risk Management Framework and the terms C&A were replaced by Assessment & Authorization (A&A).

On August 15, 2021, the (ISC)² certification exam for CAP was updated again. The decision was made to expand CAP to reflect the more diverse day-to-day work of professionals earning the credential. What started out as certification primarily for U.S. government professionals using the Risk Management Framework (RMF) is now also for professionals working in the private sector and organizations around the world.

CAP’s content is refreshed to reflect the most pertinent issues authorization security professionals currently face, along with the best practices for mitigation. Some topics are updated, and others are realigned. The result is an exam that most accurately reflects the most current technical and practical knowledge required of cybersecurity professionals in pursuit of information system authorization.

As part of the CAP expansion, RMF is no longer the sole framework referenced – many other frameworks are now covered, including NIST SP 800-37 (Rev 2), ISO 27001, ISO 31000, FedRAMP and COBIT. In addition, privacy is more prevalent in the updated exam outline, reflecting the convergence of privacy and security in cybersecurity.

A specific breakdown of the CAP domains and their exam weights follows:

Domain                                                      Weight
Information Security Risk Management Program                16%
Scope of the Information System                             11%
Selection and Approval of Security and Privacy Controls     15%
Implementation of Security and Privacy Controls             16%
Assessment/Audit of Security and Privacy Controls           16%
Authorization/Approval of Information System                10%
Continuous Monitoring                                       16%

Is CAP accredited?

CAP is ANSI-accredited under the ISO/IEC 17024 standard. In addition, CAP holders are DoD 8570.01 approved and listed in two categories: IAM Level I and IAM Level II.

What level of professional experience is required?

Candidates must have a minimum of two years’ cumulative work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK). Candidates without the required experience may become an Associate of (ISC)² by successfully passing the CAP examination. The Associate of (ISC)² will then have three years to earn the two years of required experience.

What’s the earning potential?

Certification Magazine’s 2021 salary survey ranks CAP at No. 27 on its list of most lucrative certifications with an average draw of $135,430 USD annually.

What continuing professional education is required to maintain certification?

CAP-credentialed professionals must participate in continuing professional education (CPE) and submit a minimum of 20 CPEs each year, for a total of 60 CPEs by the end of the three-year recertification cycle.

CAP Certification and Maintenance Details

Length of Exam        3 hours / 125 multiple-choice questions
Passing Score         700 out of 1,000
Exam Fee              $599 USD
Annual Maintenance    $125 USD
Testing Center        Pearson VUE

How CAP Certification Can Help You Succeed

Earning the globally recognized CAP certification is a proven way to build your career. The vendor-neutral credential shows you have the advanced knowledge and technical ability to formalize processes to assess risk and establish security documentation within a broad range of risk management frameworks.

Achieving CAP certification provides the added benefit of membership in (ISC)², the world’s largest nonprofit association of cybersecurity professionals, more than 150,000 members strong. (ISC)² provides members with professional development courses through the Professional Development Institute (PDI); continuing professional education through industry events like Security Congress; technical webinars covering evolving cybersecurity trends; and benefits, such as the (ISC)² Community and InfoSecurity Professional magazine.

Learn more about how CAP can advance your risk management career strategy.

Get The eBook

Or, download your copy of The Ultimate Guide to the CAP and start your journey toward certification today.